How to verify a token contract?

One of the security-enhancing features we have implemented is the possibility to quickly verify a token's contract. Let's have a look at how to do it.

The asset page will look different depending on the token's market cap. On the left, you can see a token which is outside of the TOP1000 tokens by market cap. As a safety precaution, we have added a window with a message notifying the user about it.

To verify this token, click on the "Verify token" button or the EtherScan logo (below the red arrow). In the case of a token, which is in the TOP1000 tokens, only the EtherScan logo is available.

Once you click on the EtherScan logo or the "Verify token" button, you will be redirected to a corresponding page on EtherScan. On this page, click on the blue token name in the Token Tracker window (red rectangle in the picture below).

Once you click on the token name, you will be on the token overview page. This is where you can ensure that you are working with the actual token and not just an imposter. Important information to look at is the number of token holders (left red rectangle) and the profile summary (right red rectangle). In the profile summary, you can find the contract address of the token, the website link, and social media profiles.

Clicking on the "Holders" tab in the table shows important information as well. Most fake tokens will have very concentrated token holders. While this by itself is not a definitive sign of a fake token, a high concentration (90%or more) in a very few addresses is a red flag.

For some popular tokens, EtherScan already provides a verified check mark under the profile summary. This a first indication that the contract address is the right one. For further security continue reading.

Make sure that the contract address matches the one on CoinGecko or CoinMarketCap. Only by verifying the contract address you can be sure that the token you are interacting with is the actual token you wish to transact.

This is how you ensure you always handle the actual token, not an impostor one.

Last updated